Sections

Windows Server 2012 Essentials: Access the Server Remotely

While Windows Server 2012 Essentials provides excellent connectivity to your content and other server resources from within the local network, many users will be disconnected from that network much of the time too. How can you access your home office or small business network from the road?

The key to this functionality is a set of Essentials 2012 features that are collectively named Anywhere Access. This compromises a web front end to the PCs and server, your shared folders, and media collection, as well as VPN functionality which lets you remotely access your office network as if you were physically there.

Enabling Anywhere Access

Like many Essentials 2012 features, Anywhere Access needs to be enabled before it is available. You can do this from the Setup area of the Home tab in Dashboard. Or, also from Dashboard, just navigate to Settings, Anywhere Access.

Either way, you’re presented with a wizard that walks you through the steps required to configure the Anywhere Access features. Depending on your needs, this may be more complex than expected.

That’s because you need to connect your server to a publicly-available Internet domain name (like microsoft.com, though of course that one’s taken) for Anywhere Access to work. You can choose a domain name that you already own, or you can set up a new domain name: If you choose the latter, you can choose a xxxx.remotewebaccess.com address that will work fine for home office users but be unacceptable for anyone with an actual Internet presence.

Once the (Internet) domain name is set up, you configure Anywhere Access. This involves choosing which of the two Anywhere Access features you wish to enable, VPN (virtual private network) and/or Remote Web Access.

I’ll discuss those two features in a moment. After you’ve chosen, you determine whether permissions for Anywhere Access are applicable to all current and future users, though as the wizard notes you can always toggle these permissions at any time through the Users tab in Dashboard. (At least for standard users: Administrators always have Anywhere Access privileges.) Just right-click the user in question and choose View the account properties; then, navigate to the Anywhere Access tab in the resulting window.

After that, the wizard will set up the Anywhere Access features you enabled, including the VPN and the web site. It will then configure your router to forward external requests for these services to the Essentials 2012. That way, when you attempt to access your office network remotely (via VPN) or the Remote Web Access web site (from a web browser), everything will work as expected.

This last part of the wizard requires you to have a fairly modern router, which is to say one that can be programmatically controlled via UPnP (Universal Plug and Play). If your router is not compatible, you’ll see the following error message and will need to manually configure port forwarding for this usage through the router’s administration web site. How you do that of course varies wildly from router to router, but Microsoft supplies some decent web-based instructions. (They’re from Windows Small Business Server Essentials 2011, but still work for our purposes here.)

I had to go through this with the lousy Actiontec router that FIOS supplied, if you’re curious. If you can’t get this working with your own router, you can use LogMeIn Hamachi, which is a free VPN, and LogMeIn Free or LogMeIn Pro for other remote access features.

Accessing Anywhere Access features

As noted earlier, Anywhere Access includes two components, VPN and Remote Web Access.

VPN allows you to access network resources when you’re away from the office. The theory here is that your office’s local network is what’s called a “private” network, whereas the Internet is a public network. With VPN, you can tunnel into your private network from the Internet. That way you can do things like access Essentials 2012’s server folders (or shared folders on connected PCs) through Network Explorer, or access the server through Remote Desktop Connection or the Dashboard, just a bit more slowly than if you were really there on the same network. VPN is the next best thing to being there.

VPN is available in all Windows Server 2012 versions, but it’s set up and configuration is automated for you in Essentials 2012, making it a heck of a lot easier to use.

Remote Web Access is unique to Essentials 2012, and a friendlier, web-based way of presenting network resources to users who are away from the network.

Available services from this interface include:

Remote desktop access to the server and any correctly configured PCs. You can click the Connect button next to the server or any connected (and awake) PC to access it via Remote Desktop Connection.

Shared folders. You can access any server folder shares using an FTP-like web interface that lets you upload and download files from the road.

Windows Server 2012’s remote access features are pretty complete, assuming you can get through that Set up Anywhere Access wizard successfully. That shouldn’t be an issue for most people, but I’ve struggled for years with similar wizards in predecessor products, and have never successful configured the FIOS router for this purpose. Clearly it’s time for an upgrade.

Share this article

Discuss this Article 17

It looks like you omitted the import of a purchased third party certificate requirement to work for a domain you own in order to get anywhere access to work. I am stuck at this and have not found a way around it. I don't know anyone in a home environment willing to be shelling out the $$ yearly expense of third party certificates.

Rick, you can get a free server certificate from CACert.org . This is what I did to get my Anywhere Access going.

Paul, thanks for the article. I have one question: Is there any way Anywhere Access can be changed to work with a port other than 443? Unfortunately, my shiny new ASUS RT-AC66U router takes 443 for its AiCloud feature, and you cannot change its port at least at this time. I'd like to change Anywhere Access to work on something like Port 4343; I don't know if this can be done manually from within IIS on the server.

Otherwise you can use the built in client certificate distribution package.. its been in since sbs 2003 so I doubt its omitted from essentials 2012.
If it has, your options are
Export the AD-CA Root certificate from the server and import the public key into your computer's trusted root certificate store. Any certs generated using your AD-CA (including the RRW website and formally OWA) should pass has you have the root.

You can also push the certificate out to domain members using a group policy.

Hi Paul,
I've found all of your articles on WS2012E really informative and easy to follow, so I've used them to set up my own home server. Just one question, is it possible to remotely access the windows server 2012 desktop from the client machines whilst on the home network? So I'm thinking about operating the metro and control panel through remote access. Many thanks.

This is a good article but I do wish it was as simple as this. I'm trying to configure VPN on a new Dell server with 2012 Essentials and VPN refuses to configure. Ports 80 and 443 are forwarded correctly (although manually setup) and RDP, and web access works fine. 3rd party SSL certificate installed from RapidSSL too.

But the Wizard just keep saying "VPN was not configured successfully". I've checked the dashboard log file and all that says is "RemoteAccessAnalyzer: VPN server deployment result: InstallationFailed".

Do you have any suggestion at all about how I might be able to trouble shoot further? Any help very gratefully received.

I was able to get the setup wizard to work, what I did is called Verizon Fios Tech support and the tech was very knowledgeable and instructed me for a work around in the router setup, here we go!
1. log on to the router
2. click firewall and click yes
3. click port forwarding
4. in the first drop down box select your server or the IP address for your server.
5. in the second drop down box select custom ports 2 more boxes will show.
6. third drop down box select both and the open box type 443
7. click add then scroll to the bottom and click apply or resolve.

Now go to DMZ host on the left where you clicked port forwarding.
1. check the box and type in your servers IP address then click apply.

log out and try running the wizard again. that should do the trick, please let me know.

I was so excited when I saw your post, this is exactly what I have Verizon fios with essentials 2012 (except I have r2). I followed your instructions and still get the error. Starting to think it's the r2...hope not, I can't reinstall this whole server.

Ok so this may be a dumb question. Gut is there any way of allowing a non administrator to have the server Listed on the anywhere access site. I have spent hours scouring the internet for this answer and there is nowhere that specifically points this out. The only thing is that it is not available on the standard users when you are configuring the user..

Hi, I'm actually migrating away from Server 2012 Essentials to a QNAP TurboNAS and have released the xxx.remotewebaccess.com domain I used. How long does it take for my ISP's WAN IP to no longer be associated with the server?

Guys, we have a very strange issue. We have 2012 R2 essentials setup. Everything on access anywhere works fine except audio recording redirection. When you login via the essentials web site, click on the device icon, you connect, but audio recording device is not redirected. If I connect directly via RDP file is works fine. What are we missing?